Cybercriminals are switching tactics, a leading security body has warned – and the combination of anonymization technologies, mobile devices, and social media attacks could lead to cyberattacks with a “large impact”.

Drive-by exploits were identified as the number-one threat facing companies and computer users, but the company warned that other threats were rising in popularity – such as malicious browser extensions. “It is worth mentioning that an increase in malicious browser extensions has been registered, aimed at taking over social network accounts,” ENISA said. An ESET report on a malicious extension in the popular Orbit downloader can be found here.

“There is a shift from Botnets to malicious URLs as the preferred means to distribute malware. An advantage of URLs as a distribution mechanism lies in the fact that URLs are not such an easy target for law enforcement takedowns,” the report said.

The report also pointed out that cybercriminals were increasingly threatening infrastructure with targeted attacks, and an increase in the use of mobile devices and social media identity theft carried out via cloud services.

“It is clear that mobile technology is increasingly exploited by cyber-criminals. Threats of all kinds that were encountered in the more traditional arena of IT will affect mobile devices and the services available on these platforms. The wide spread of mobile devices leads to an amplification of abuse based on knowledge/attack methods targeting social media,” the report said.

The availability of cryptocurrencies and digital currencies also provided cybercriminals with an easy means to “launder” their gains, the report said – and also pointed out the increasing threat of cybercriminals offering “services” alongside malware.

“The availability of malware and cyber-hacking tools and services, together with digital currencies (e.g. Bitcoins) and anonymous payment services is opening up new avenues for cyber-fraud and criminal activity.”

ESET Senior Research Fellow David Harley said, “The most worrying aspect is the support services package. Unfortunately, developing such support networks is something for which Eastern European gangs have shown particular flair in recent years. I suspect that we’ll see similar packages associated with banking Trojans that have the functionality to access information from smart card readers attached to Windows machines. “

ENISA warns that the increasing use of attacks which combine various techniques – mobile, anonymised attacks, and “cyber services” such as money laundering, could lead to serious threats.

“There is a real possibility of large impact events when attacks combining various threats are successfully launched,” the report said.

Executive Director of ENISA, Professor Udo Helmbrecht said: “This short, interim report informs security stakeholders as early as possible about developments in cyber threats, so that they are able to take countermeasures”.

A very one-sided report dominated by IT cybversecurity thinking. Left out of the “threat landscape” are industrial control systems (ICS) which form the backbone of critical infrastructures such as electric grids, transportation management systems, gas pipelines and other utilities. All of the things we rely on to carry out a normal life. One must appreciate the scale of the threat in terms of IT and ICS cybersecurity. To the IT world a DOS means not being able to access data on your computer or at some website. To the ICS world DOS meansmeans no electricity, no gas, and no water. An intentional cyber attack or unintentional cyber incident on an ICS can result in loss of “view” and/or “control” of a critical process. Surely a threat to the ICS environment represents a danger of a different order than cybercrime, DOS or a botnet. This other environment should also be evaluated in the final report.